Simple PHP anti-injection content filtering method _ PHP Tutorial

Source: Internet
Author: User
Simple PHP anti-injection content filtering method. Content filtering is mostly intended to prevent some security injection or cross-origin operations. let's take a look at some simple anti-injection content filtering program code I 've compiled, I hope the article will filter the content mostly to prevent some security injection or cross-domain operations. let's take a look at some simple anti-injection content filtering program code I 've compiled, I hope the article will help you.

Method 1: filter useless content

You can find other filtering methods on the Internet:

The code is as follows:

Function checkHtml ($ data ){
$ Ret = preg_match ("/['.,:;*?~ '! @ # $ % ^ & + =) (<>{}] | [|/| \ | "|/", $ Data );
If ($ ret = 1 ){
Return false; exit;
} Else {
Return true;
}
}

Example 2 filter some html tags

The code is as follows:


Function uh ($ str)
{
$ Farr = array (
"/S +/", // filter unnecessary spaces
"/<(/?) (Scripti? Framestylehtmlbodytitlelinkmeta? %) ([^>] *?)> /IsU ", // filter"/(<[^>] *) On [a-zA-Z] + s * = ([^>] *>)/isU ", // filter javascript on events
);
$ Tarr = array (
"",
"<\ 1 \ 2 \ 3>", // If you want to directly clear insecure labels, leave it blank.
"\ 1 \ 2 ",
);
$ Str = preg_replace ($ farr, $ tarr, $ str );
Return $ str;
}

Method 3: The above two methods put the content to be filtered in the program. below I will put the content to be filtered in a txt text, the first time I read the file content for judgment, this facilitates the maintenance of the content to be filtered.

The code is as follows:

If ($ _ POST)
{
// You can convert the file content to an array:
/*
$ Fcon = file_get_contents ("./filter.txt ");
$ Filter_word = explode ("n", $ fcon );
*/
$ Filter_word = file ("./filter.txt ");
// $ Filter_word = array ("test1", "test2", "test3", "test4 ");
$ Str = $ _ POST ["mess"];
For ($ I = 0; $ I {
If (preg_match ("/". (trim ($ filter_word [$ I]). "/I", $ str ))
{
Echo "script" alert ('the content you entered contains illegal content. please try again! '); Script ";
Echo "back ";
Exit;
}
}
Echo "the content you entered is:". $ str;
}
?>
Test whether the filter is effective:

...

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.